# aws-terraform-registry-cli
[![PyPI Version](https://img.shields.io/pypi/v/aws-terraform-registry.svg)](https://pypi.org/project/aws-terraform-registry)
[![PyPI License](https://img.shields.io/pypi/l/aws-terraform-registry.svg)](https://pypi.org/project/aws-terraform-registry)
Versions follow [Semantic Versioning](https://semver.org/).
## Overview
This project provides a Python client that works with the [AWS Terraform Private Registry](https://github.com/geronimo-iia/terraform-aws-tf-registry).
Features:
- Show client configuration (for debugging purposes)
- Authentication:
  - JWT token generation
  - `.terraformrc` generation to configure DevOps workstations
- Terraform module publication from external storage (like a GitHub module release)
- Terraform module release (more detail on it below) to store every module inside the default bucket of the [AWS Terraform Private Registry](https://github.com/geronimo-iia/terraform-aws-tf-registry).
See [documentation](https://geronimo-iia.github.io/terraform-aws-tf-registry-cli/).
The [AWS Terraform Private Registry](https://github.com/geronimo-iia/terraform-aws-tf-registry) follows this architectural design:
![Architecture](./docs/registry.png)
## Installation
Install this library directly into an activated virtual environment:
```text
$ python3 -m pip install aws-terraform-registry
```
## Configuration
The client needs the following settings:
| Name                | Description                                                            |
|---------------------|------------------------------------------------------------------------|
| secret_key_name     | Name of the AWS Secrets Manager secret where the JWT secret is stored  |
| repository_url      | HTTPS endpoint of the registry                                         |
| dynamodb_table_name | AWS DynamoDB table name                                                |
| bucket_name         | Bucket name                                                            |
| default_namespace   | Default namespace to publish Terraform modules ("devops" by default)   |

These settings can come from several sources (choose the one that suits you):
- a YAML configuration file
- environment variables
> YAML configuration can be overridden with environment variables.
### YAML configuration
The default file name is `terraform_registry.yaml`; you can override it with the `TFR_CONFIG_FILE` environment variable.
To find this configuration file, directories are searched in this order:
- user home directory
- command line directory
- `/etc/tfr`
### Environment variables
| Name                | Environment variable name |
|---------------------|---------------------------|
| secret_key_name     | TFR_SECRET_KEY_NAME       |
| repository_url      | TFR_REPOSITORY_URL        |
| dynamodb_table_name | TFR_DYNAMODB_TABLE_NAME   |
| bucket_name         | TFR_BUCKET_NAME           |
| default_namespace   | TFR_DEFAULT_NAMESPACE     |

All environment variables can be set with a `.env` file inside your command line directory.
## Usage
```bash
> tfr
usage: tfr [-h] {config,generate-token,generate-terraformrc,publish,release} ...

Manage terraform registry

positional arguments:
  {config,generate-token,generate-terraformrc,release,unpublish,publish}
                        commands
    config              Show configuration parameters
    generate-token      Generate an access token
    generate-terraformrc
                        Generate terraformrc configuration file
    release             Release a terraform module from custom source.
    publish             Publish a terraform module from custom source.
    unpublish           Unpublish a terraform module (Keep archive on s3).

optional arguments:
  -h, --help            show this help message and exit
```
### Configuration
You can print the configuration that the Python client uses with the command:
`tfr config`
Example with an empty configuration:
```bash
bucket_name: null
default_namespace: devops
dynamodb_table_name: null
repository_url: null
secret_key_name: null
```
### Authentication
#### Obtain a JWT token
Command:
```bash
usage: tfr generate-token [-h] [-weeks WEEKS]

optional arguments:
  -h, --help            show this help message and exit
  -weeks WEEKS, --weeks WEEKS
                        #weeks of validity (52 per default)
```
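The token is a JWT signed with the secret held in Secrets Manager and valid for `WEEKS` weeks, so whatever consumes it has to check both the signature and the expiry. The following is an added example, not code from this project: it assumes HS256 and a claim set of only `iat` and `exp`, and every function name in it is illustrative.

```python
import base64
import hashlib
import hmac
import json
import time

WEEK = 7 * 24 * 3600  # seconds


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(secret, signing_input):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()


def mint(secret, weeks=52, now=None):
    """Issue an HS256 token that expires `weeks` weeks after `now`."""
    now = int(time.time() if now is None else now)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"iat": now, "exp": now + weeks * WEEK}  # assumed claim set
    body = f"{header}.{b64url(json.dumps(claims).encode())}"
    return f"{body}.{b64url(sign(secret, body))}"


def verify(token, secret, now=None):
    """Return the claims; raise ValueError if forged, malformed or expired."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        alg = json.loads(unb64url(header))["alg"]
        given = unb64url(sig)
    except (ValueError, KeyError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    if alg != "HS256":  # pin the algorithm instead of trusting the header
        raise ValueError("unexpected algorithm")
    if not hmac.compare_digest(sign(secret, f"{header}.{payload}"), given):
        raise ValueError("bad signature")
    claims = json.loads(unb64url(payload))  # parsed only after the MAC checks out
    if claims.get("exp", 0) <= now:  # a token without `exp` is rejected too
        raise ValueError("token expired")
    return claims
```

A shorter `-weeks` value narrows the window in which a leaked token stays usable, since a signed token cannot be revoked without rotating the secret.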
#### Configure terraform with your private registry
Users must create a `.terraformrc` file in their `$HOME` directory with this content:
```hcl
credentials "registry.my-domain.com" {
  token = "Mytoken"
}
```
Command:
```bash
usage: tfr generate-terraformrc [-h] -output-directory OUTPUT_DIRECTORY [-weeks WEEKS]

optional arguments:
  -h, --help            show this help message and exit
  -output-directory OUTPUT_DIRECTORY, --output-directory OUTPUT_DIRECTORY
                        output directory
  -weeks WEEKS, --weeks WEEKS
                        #weeks of validity (52 per default)
```
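The `.terraformrc` file holds the registry token in clear text, so it should be readable by its owner only. The following is an added example, not code from this project, showing one way to write the credentials block with mode `0600` and to audit an existing file; the function names and the sample token are illustrative, and it assumes a POSIX system.

```python
import os
import stat


def write_terraformrc(directory, host, token):
    """Write the credentials block so that only the owner can read the token."""
    for value in (host, token):
        if any(ch in value for ch in '"\\\n'):
            raise ValueError("value would break the HCL string literal")
    path = os.path.join(directory, ".terraformrc")
    body = f'credentials "{host}" {{\n  token = "{token}"\n}}\n'
    # O_NOFOLLOW: refuse to write the token through a symlink.
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(path, flags, 0o600)
    try:
        # A file that already existed keeps its old mode, so tighten it
        # before the token is written.
        os.fchmod(fd, 0o600)
        os.write(fd, body.encode())
    finally:
        os.close(fd)
    return path


def audit_terraformrc(path):
    """Return a list of findings for an existing .terraformrc."""
    findings = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        findings.append("is a symlink")
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"mode {mode:04o} grants access beyond the owner")
    if st.st_uid != os.getuid():
        findings.append("not owned by the current user")
    return findings
```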
## Terraform & Publication
There are two ways to publish a module:
- `publish`
- `release`

What's the difference?
> `publish`: registers the module source as-is in the AWS private Terraform registry. You may have access issues if this URL is not public.

> `release`:
>
> - stores the source in the dedicated bucket of the AWS private Terraform registry. Access is managed within the registry.
> - archives the source (tar.gz) if it is a folder
> - downloads the source if it is an HTTP URL
> - as your module is stored within the registry bucket, the Terraform client will use an S3 signed URL

We use `release` from our CI/CD pipeline and `publish` only when we have to do something like 'quick and dirty'... (It never happens, I swear!)
### Release command
```bash
usage: tfr release [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE

optional arguments:
  -h, --help            show this help message and exit
  -namespace NAMESPACE, --namespace NAMESPACE
                        module namespace
  -name NAME, --name NAME
                        module name
  -system SYSTEM, --system SYSTEM
                        module system (aws, ...)
  -version VERSION, --version VERSION
                        module version
  -source SOURCE, --source SOURCE
                        module source
```
### Unpublish command
```bash
usage: tfr unpublish [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE

optional arguments:
  -h, --help            show this help message and exit
  -namespace NAMESPACE, --namespace NAMESPACE
                        module namespace
  -name NAME, --name NAME
                        module name
  -system SYSTEM, --system SYSTEM
                        module system (aws, ...)
  -version VERSION, --version VERSION
                        module version
  -source SOURCE, --source SOURCE
                        module source
```
### Publish command
```bash
usage: tfr publish [-h] [-namespace NAMESPACE] -name NAME -system SYSTEM -version VERSION -source SOURCE

optional arguments:
  -h, --help            show this help message and exit
  -namespace NAMESPACE, --namespace NAMESPACE
                        module namespace
  -name NAME, --name NAME
                        module name
  -system SYSTEM, --system SYSTEM
                        module system (aws, ...)
  -version VERSION, --version VERSION
                        module version
  -source SOURCE, --source SOURCE
                        module source
```